Avoid Using Impersonation in ASP.NET

The MSDN docs are very careful not to recommend using impersonation, because it affects connection pooling when talking to databases downstream. The suggestion that one take care when using impersonation has been in place since its inception.

Know Your Tradeoffs with Impersonation

Be aware that impersonation prevents the efficient use of connection pooling if you access downstream databases by using the impersonated identity. This impacts the ability of your application to scale. Also, using impersonation can introduce other security vulnerabilities, particularly in multi-threaded applications, such as ASP.NET Web applications.

You might need impersonation if you need to:

· Flow the original caller's security context to the middle tier and/or data tier of your Web application to support fine-grained (per-user) authorization.

· Flow the original caller's security context to the downstream tiers to support operating system level auditing.

· Access a particular network resource by using a specific identity.

(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGGuidelines0001.asp)

ScottGu has a good post on how to use declarative authorization to restrict access without impersonation. This works great with Forms Authentication and Custom Principals like we use at Corillian. Here's one of his examples:

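    using System;
    using System.Security.Permissions;

    // Employee is the application's own type; it is not shown in the post.
    // Every member requires an authenticated caller.
    [PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
    public class EmployeeManager
    {
        // Only callers in the "Manager" role may look up an employee.
        [PrincipalPermission(SecurityAction.Demand, Role = "Manager")]
        public Employee LookupEmployee(int employeeID)
        {
            // todo
            throw new NotImplementedException();
        }

        // Only callers in the "HR" role may add an employee.
        [PrincipalPermission(SecurityAction.Demand, Role = "HR")]
        public void AddEmployee(Employee e)
        {
            // todo
            throw new NotImplementedException();
        }
    }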
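
The following console program is an added example, not code from ScottGu's post or from the original article. It shows the same kind of demands being evaluated against `Thread.CurrentPrincipal` while the Windows identity of the process never changes. It assumes the .NET Framework, where declarative `PrincipalPermission` demands are enforced; the class name `EmployeeDirectory` and the users and roles are constructed for the illustration.

```csharp
// Assumes .NET Framework (declarative PrincipalPermission demands are enforced there).
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Hypothetical class carrying the same demands as the EmployeeManager example.
[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
public class EmployeeDirectory
{
    [PrincipalPermission(SecurityAction.Demand, Role = "Manager")]
    public string LookupEmployee(int employeeID) { return "employee #" + employeeID; }

    [PrincipalPermission(SecurityAction.Demand, Role = "HR")]
    public void AddEmployee(string name) { }
}

public static class Program
{
    // Sets the managed principal (the job Forms Authentication or a custom
    // principal module does per request), runs the action, reports the outcome.
    static void Try(string label, string user, string[] roles, Action action)
    {
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        string outcome;
        try { action(); outcome = "allowed"; }
        catch (SecurityException) { outcome = "denied (SecurityException)"; }
        // No impersonation takes place: the Windows identity of the process is unchanged.
        Console.WriteLine("{0,-28} {1,-27} process identity: {2}",
            label, outcome, WindowsIdentity.GetCurrent().Name);
    }

    public static void Main()
    {
        // Constructed sample users and roles; an empty name is an unauthenticated identity.
        Try("anonymous -> Lookup", "", new string[0],
            () => new EmployeeDirectory().LookupEmployee(42));
        Try("alice (Manager) -> Lookup", "alice", new[] { "Manager" },
            () => new EmployeeDirectory().LookupEmployee(42));
        Try("alice (Manager) -> Add", "alice", new[] { "Manager" },
            () => new EmployeeDirectory().AddEmployee("bob"));
        Try("carol (HR) -> Add", "carol", new[] { "HR" },
            () => new EmployeeDirectory().AddEmployee("bob"));
    }
}
```

Only the calls whose principal holds the demanded role go through; the others are rejected with a `SecurityException`, and every line reports the same process identity.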

There are all sorts of wacky things one can do with impersonation, but if you ask yourself WHY you need it, perhaps you'll find a simpler solution.

One of my bosses always says "Guy walks into support, sez he needs a bigger mobile phone antenna. Does he need a bigger antenna or does he really want better reception? Don't let your users dictate your solution with their statement of the problem."

Translated from: https://www.hanselman.com/blog/avoid-using-impersonation-in-aspnet
